Welcome to the sensory universe THAIco SPA Give yourself moments of complete serenity Book Now Gift Card

Privacy Policy

Privacy Policy on the Processing of Personal Data

We consider ensuring the right to the protection of personal data as a fundamental THAIco SPA commitment, so we will devote all necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 ("General Data Protection Regulation" or "GDPR"), as well as with any other legislation applicable in Romania. As one of the essential principles of this legal framework is transparency, we have prepared this document in forming you about how we collect, use, transfer and protect your personal data when you interact with us in connection with our products and services, including through our website or through the apps available on your mobile phone.

We reserve the right to update and modify this Privacy Policy from time to date to reflect any changes in the way we process your personal data or any changes to legal requirements. In the event of any such change, we will display the amended version of the Privacy Policy on our website, which is why we ask you to periodically check the content of this Privacy Policy.

Who we are and how you can contact us

THAIco SPA is the commercial name of VIP EVENTS SRL, a legal person of Romanian nationality, having its registered office in Bucharest, Entry Sevastopol no.1, sector 1 with serial number in the Trade Register J40/3309/2009 , unique tax registration code 25267799 (hereinafter "THAIco SPA" or "we"). For the purposes of data protection legislation, we are an controller when processing your personal data.

Since we are always open to finding out your opinions, as well as to provide you with any additional information you may need regarding the processing of your data, we encourage you to contact the DATA Protection Officer at the contact email address[@]thaicospa.ro or by post or courier at Sevastopol Entry No.1, Sector 1 Bucharest – with the mention: to the DATA Protection Officer OF THAICO SPA.

What categories of personal data do we process

In general, we collect your data. directly from you, so you have control over the type of information you provide us. As an example, we receive information from you. Such:

When placing an order, you provide us with information such as: the desired product, first and last name, delivery address, billing details, payment method, phone number, bank card details, etc.

We may also collect and process certain information about your behaviour while visiting our website or using the smartphone app to personalize your online experience and provide you with offers tailored to your profile. We invite you to learn more about this by consulting the section on the purposes of processing below.

On our website we may store and collect information in cookies and similar technologies in accordance with the Cookie Policy.

We do not collect or otherwise process sensitive data included by the General Data Protection Regulation into special categories of personal data. We also do not wish to collect or process data of minors under the age of 16.

What are the purposes and grounds of processing

We will use your data. for the following purposes:

Pentru prestarea serviciilor THAIco SPA în beneficiul dvs.
Acest scop general poate include, după caz, următoarele:

a) Processing of orders, including taking, validating, dispatching and invoicing them;

b) Resolution of cancellations or problems of any kind relating to an order, the services purchased;

c) Return of products in accordance with legal provisions;

d) Reimbursement of the value of the products in accordance with the legal provisions;

e) Providing support services, including providing answers to your questions about your orders or THAIco SPA services or THAIco SPA partners.

Processing your data for these purposes is in most cases necessary for the conclusion and execution of a service between THAIco SPA and you. Certain processes subsumed to these purposes are also required by applicable law, including tax and accounting legislation.

Pentru marketing
Vrem să vă ținem la curent cu privire la cele mai bune oferte pentru produsele/serviciile care vă interesează. În acest sens, vă putem trimite orice tip de mesaj (cum ar fi: e-mail/SMS/telefonic/mobile push/webpush/etc.)  continand informatii generale si tematice, informatii cu privire la produse similare sau complementare cu cele pe care le-ati achizitionat, informatii cu privire la oferte sau promotii, informatii referitoare la servicii adaugate adaugate. Ne asigurăm întotdeauna că aceste prelucrări se efectuează cu respectarea drepturilor și libertăților dvs. și că deciziile luate în baza acestora nu au efecte legale asupra dvs. și nu vă  afectează similar într-o măsură semnificativă.

In most cases, we base our marketing communications on your consent. Advance. You can change your mind and withdraw your consent at any time by:

– Access the unsubscribe link displayed within the messages you receive from us; or by

– ContactTHAIco SPA using the contact details described above.

In certain situations, we can base our marketing activities on our legitimate interest in promoting and developing our business. In any situation where we use information about you. for a legitimate interest of ours, we take care and take all necessary measures to ensure that your rights and freedoms are not in the right to use the rights and freedoms of the fundamental principles are not affected. However, you can ask us at any time, by the means described above, to stop processing your data. for marketing purposes, and we will comply with your request.

Pentru apărarea intereselor noastre legitime
Pot exista situații în care vom folosi sau transmite informații pentru a ne proteja drepturile și activitatea comercială. Acestea pot include:

– Measures to protect the website and users of the THAIco SPA platform from cyber attacks:

– Measures to prevent and detect attempted fraud, including the transmission of information to the competent public authorities;

– Measures to manage the various other risks.

The general basis of these types of processing is our legitimate interest in defending our business, being understood that we ensure that all measures we take guarantee a balance between our interests and your rights and freedoms. Fundamental.

As long as we keep your data. Personal

As a general rule, we will store your data. personal data for an indefinite period. You may request that certain information be deleted at any time and we will comply with such requests, subject to the preservation of certain information even after the account is closed, in situations where applicable law or our legitimate interests require it.

Who do we transmit your data to? Personal

Where applicable, we may transmit or provide access to certain personal data of yours. the following categories of recipients:

– payment/banking service providers (Mobilpay.ro – Privacy Policy);

– providers of statistics and web traffic services (Google Analytics – Privacy Policy);

If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

We make sure that access to your personal data is available to you. by third-party legal persons governed by private law shall be carried out in accordance with the legal provisions on data protection and confidentiality of information, on the basis of contracts concluded with them.

Which countries do we transfer your data to? Personal

We currently store and process your data. personal data on the territory of Romania.

However, we may transfer some of your data. entities located in the European Union or outside the Union, including countries to which the European Commission has not recognised an adequate level of protection of personal data.

We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, where appropriate, other safeguards, such as standard contractual clauses issued by the European Commission or certification schemes, such as the Privacy Shield for the Protection of Personal Data Transferred from within the EU to the United States of America.

You can contact us at any time, using the contact details set out above, to learn more about the countries where we transfer your data, perecum and the guarantees we have implemented with respect to these transfers.

How do we protect the security of your data Personal

We are committed to ensuring the security of personal data by implementing appropriate technical and organisational measures, in accordance with industry standards.

Transmission of your data personal data is done using encryption algorithms and we store them on secure servers, while ensuring data redundancy.

To make payments we use the services of the MobilPay payment processor. Any payment information is encrypted.

Despite the steps taken to protect your personal data, you may not be personal data, we would like to point out that the transmission of information over the Internet, in general, or through other public networks, is not completely secure, with the risk that the data will be seen and used by unauthorized third parties. We cannot be responsible for such vulnerabilities of systems that are not under our control.

What rights do you have

The General Data Protection Regulation recognises a number of rights in relation to your data. Personal. You can request access to your data, correct any mistakes in our files, and/or object to the processing of your data. Personal. You may also exercise your right to complain to the competent supervisory authority or to seek justice. If applicable, you may also have the right to request the deletion of your personal data. personal data, the right to restrict the processing of your personal data. and the right to data portability.

More information on each of these rights can be obtained by consulting the table below.

In order to exercise your rights, you can contact us using the contact details set out above. Please note the following if you wish to exercise these rights:

Identity. We take seriously the confidentiality of all records containing personal data. For this reason, please send us your requests. on such records using your email address. Otherwise, we reserve the right to verify your identity by requesting additional information aimed at confirming your identity.

Honoraries. We will not charge you any rights to exercise your data. personal data, unless your request is valid. access to information is unfounded, i.e. repetitive or excessive, in which case we will charge a reasonable amount in such circumstances.  We will inform you of any fees applied before you resolve your request.

Duration of response. We intend to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made several requests, in which case we are expected to respond within a maximum of two months. We'll let you know if we need more than a month. We may ask you if you can tell us exactly what you want to receive or what you are worried about. This will help us act faster and shorten the response time to your request.

Third-party rights. We must not comply with a request if it would adversely affect the rights and freedoms of other data subjects.

Drepturi vizate

You can ask us:

să confirmăm dacă vă prelucrăm datele cu caracter personal;
să vă punem la dispoziție o copie a acestor date;
să vă oferim alte informații despre datele dvs. cu caracter personal, cum ar fi datele pe care le avem, la ce le folosim, cui i le divulgăm, dacă le transferăm în străinătate și cum le protejăm, cât timp le păstrăm, ce drepturi aveți, cum puteți face o plângere, de unde am obținut datele dvs., în măsura în care informațiile nu v-au fost deja furnizate prin această informare.

Ne puteți cere să rectificăm sau să completăm datele dvs cu caracter personal inexacte sau incomplete.

We may try to verify the accuracy of the data before it is corrected.

Ștergerea datelor
Ne puteți cere oricând să vă ștergem datele cu caracter personal.
Nu avem obligația de a ne conforma solicitării dvs. de ștergere a datelor dvs. cu caracter personal în cazul în care prelucrarea datelor dvs. cu caracter personal este necesară:

pentru respectarea unei obligații legale; sau
pentru constatarea, exercitarea sau apărarea unui drept în instanță.
Există anumite alte circumstanțe în care nu suntem obligați să respectăm solicitarea dvs. de ștergere a datelor, deși acestea două sunt cele mai probabile circumstanțe în care v-am putea refuza această solicitare.

Restricționarea prelucrării datelor
Ne puteți cere să restricționăm prelucrarea datelor cu caracter personal, dar numai în cazul în care:

acuratețea lor este contestată (a se vedea secțiunea de rectificare), pentru a ne permite să verificăm acuratețea acestora; sau
prelucrarea este ilegală, dar nu doriți ca datele să fie șterse; sau
acestea nu mai sunt necesare pentru scopurile pentru care au fost colectate, dar dvs aveți nevoie de ele pentru a constata, a exercita sau a apăra un drept în instanță; sau
v-ați exercitat dreptul de a vă opune, iar verificarea dacă drepturile noastre prevalează este în desfășurare.
Putem continua să folosim datele dvs. cu caracter personal în urma unei solicitări de restricționare, în cazul în care:

avem consimțământul dvs.; sau
pentru a constata, exercita sau asigura apărarea unui drept în instanță; sau
pentru a proteja drepturile THAIco SPA sau ale altei persoane fizice sau juridice.

Portabilitatea datelor
Ne puteți cere să vă furnizăm datele cu caracter personal într-un format structurat, utilizat în mod curent și care poate fi citit automat, sau puteți solicita ca acesta să fie „portat” direct către un alt operator de date, dar în fiecare caz numai dacă:

prelucrarea se bazează pe consimțământul dvs. sau pe încheierea sau executarea unui contract cu dvs; și
prelucrarea se face prin mijloace automate.

Vă puteți opune în orice moment, din motive legate de situația particulară în care vă aflați, prelucrării datelor dvs. cu caracter personal în temeiul interesului nostru legitim, în cazul în care considerați că drepturile și libertățile dvs. fundamentale prevalează față de acest interes.

You can also object to the processing of your data at any time. for direct marketing purposes, without invoking any reason, in which case we will cease this processing as soon as possible.

Aveți dreptul să depuneți o plângere la autoritatea de supraveghere cu privire la prelucrarea datelor dvs. cu caracter personal. În România, datele de contact ale autorității de supraveghere pentru protecția datelor sunt următoarele:

National Supervisory Authority for Personal Data Processing

General. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania

Phone: +40.318.059.211 or +40.318.059.212;


Without affecting your right to contact the supervisory authority at any time, please contact us in advance, and we promise that we will make every effort to resolve any matter amicably.

Reamintim faptul ca puteti contacta in orice moment Responsabilul THAIco SPA cu protecția datelor prin transmiterea solicitarii dvs prin oricare dintre urmatoarele modalitati:
– prin e-mail la adresa: contact@thsicospa.ro sau

– by post or courier at: Bucharest, Sevastopol Entry No.1, Sector 1 – with the attention of the DATA Protection Officer THAIco SPA.